We see a notable rise in security breaches over the Christmas period. Attackers know businesses are distracted, teams are thinner on the ground, and decision-makers are harder to reach. It’s a moment where small gaps become opportunities, and those opportunities are actively exploited – from targeted phishing and human error to physical break-ins.
Whether this is your busiest time or your quietest, having a practical response plan matters. A breach won’t wait for offices to reopen or for your staff and suppliers to return from holiday.
As you get ready for the festive period, consider how communication would work during a breach, especially if key decision-makers are unavailable. Make sure the right people know who to contact, who has authority, and what the escalation path looks like. Think about how your sites, equipment and systems are secured when fewer people are present, and how access is managed with suppliers, contractors or temporary staff. Add winter weather, power cuts, burst pipes or travel disruption into the mix and things become harder to control very quickly.
Taking time now to prepare puts you in a much stronger position to respond quickly, minimise disruption and maintain trust whatever the season brings.
Prepare for a breach before it happens
The best defence is a well-prepared plan:
Key Contacts – Ensure key personnel are reachable, even during the holidays. Maintain a list of key IT staff, decision makers, and third-party vendors who would need to be contacted in case of an incident. As part of this review your keyholders and who has access to your buildings and facilities. Â
Supplier Support – Confirm your suppliers are on standby to assist with critical needs like alarm responses, data recovery, IT outages, property damage or infrastructure repair.Â
Insurance Ready – Know exactly who to contact from your insurance provider in the event of a harmful event. Confirm that your insurance coverage is up to date and covers holiday season risks.
Secure your digital spaceÂ
Cyber threats spike during the festive season, as threat actors exploit the festive opportunities and human nature. Here’s how to stay safe:Â
Device Safety – If you’re closing for the holidays, turn off unused devices such as computers, TVs, and laptops left in the office. This eliminates risks when not in use and helps save on energy costs. If you’re travelling, attending a Christmas party, or carrying devices with you, switch them off when not in use, and keep them secure. Hold on to your phones closely if out and about during the festive period to prevent theft. Before travel, ensure devices are updated, encrypted, securely locked, or shut down to protect your data and access.
Scams – During the festive period scams typically increase, whether by email, SMS or phone call. Attackers may impersonate suppliers, banks or senior staff to pressure teams into making payments, sharing credentials or granting access. Staff should feel confident verifying independently and calling back using trusted contact details, not the ones provided in the message or call.
New Technology – Christmas often bring new gadgets, but they can be a security risk if not set up properly. Before using any new devices, whether for work or personal use, ensure they are updated with the latest software patches and antivirus protection as a minimum.
Protect your physical premises
Whether it’s your business premises or home, vacant properties are prime targets for theft and break-ins during the holidays:
Secure Alarms and Cameras – Service and test your security systems ahead of time, including alarms and CCTV cameras, to ensure they’re functioning correctly. Grime and poor weather can obscure CCTV, so ensure your cameras are cleaned and operational before you down tools and begin the festivities. Â
Lighting and Checks – Ensure well-lit surroundings in and around your business premises. Adequate lighting not only improves visibility but also acts as a deterrent against criminal activities, especially during the darker winter evenings. Â
Insider Threats
The pressures of the holiday season, including financial strain, personal stress, and family pressures, can significantly increase the risk of insider threats especially in teams that are operating skeleton staffing regimes:
Mitigation – Implement strict access controls to sensitive data and systems. Regularly monitor user activity and set clear protocols for reporting suspicious behaviour. Consider locking out accounts that don’t need to access systems over the festive period, for added security. Â
Employee Education and Support – Providing support for your employees during the holiday season can go a long way in reducing the risk of insider threats. Make sure that staff are aware of the importance of maintaining security practices, even when under personal stress or lone working. Â
Temporary workers and seasonal staff – Think about temporary workers and seasonal staff. They’re often outside your full training cycle but still able to access systems, premises or customer data. Short, targeted guidance can help protect the organisation without slowing productivity.
Build a resilient holiday strategy
A resilient business is one that is prepared for any disruption:
Disaster Recovery Plan – Ensure it’s up to date and includes supplier contact information for immediate support. Ensure you have insurance details to hand.
Clear Shutdown Procedures – Communicate to staff which devices and systems should be powered down before the break.
Employee Awareness – Provide training or reminders about phishing scams, safe remote work practices, and recognising potential threats.
Monitor and Respond – Keep a “superhero team” on standby. Experts who can jump in if a breach occurs. Whether internal staff or external support, ensure someone is ready to act. By taking these proactive steps, you can protect your business and ensure you start the New Year on the right foot.Â
The most effective organisations take time now, before the break, to prepare. That doesn’t just reduce risk it ensures you can act quickly, keep people safe, reduce disruption and protect trust if something does go wrong. The holidays should be a time to switch off and recharge, but only if your business is ready to do the same safely.Â